Trouble with two internal LANS and routing between
Bear with me, I'm new to the Netgate interface. I have a NG7100 that we are going to be implementing to replace a very old firewall. I am currently having an issue attempting to route between two segregated LANs in our deployment.
WAN: Public IP coming from a core router
ETH2 IP 192.168.3.1 (gateway for LAN traffic on 3.0/21)
ETH2 VIP Alias 172.16.1.253 (172.16.1.1 GW lives on another router)
Created a gateway in "routing" for 172.16.1.253
Created rules in the firewall for 172.16.1.0/24 > 192.168.3.0/21 AND 192.168.3.0/21 > 172.16.1.0/24.
This set of rules does not allow a client on 192.168.3.0 to ping 172.16.1.1.
I then tried to create a static route for 172.16.1.0/24 to the 172.16.1.253 gateway. Pings then return an expired TTL value, meaning I have inadvertently created a loop somewhere in my routing.
Can someone please explain to me what I've botched here? I understand this is probably more of a routings question than a Netgate question, but how do you learn if you don't ask, right?
So you have both subnets set up on a single interface?
If you need more interfaces get a VLAN capable switch!
All of the additional switch interfaces are available on the front of the NG except 1 and 2. I was reading through old forum posts and found where someone was able to resolve their routing issue by using a VIP in the netgate, figured it wouldnt hurt for me to try the same thing.
I'll go back to the separate interfaces approach and try to config again, but I feel like I'm missing something. I have a 3750 behind the Netgate, so I could VLAN it that way as well, but I would prefer not to, since the NG will be doing the routing anyway.